Principle one of the Data Protection Act 1998 provides that your personal data shall be processed fairly and lawfully. As part of the process of demonstrating fair and lawful processing, organisations when collecting your information should provide a fair processing notice or more usually called a privacy notice.
This sounds relatively straightforward; however, the Information Commissioner's Office "believes that some existing privacy notices contain too much legal jargon and are written to protect organisations, rather than to inform the public about how their information will be used." On the basis of this the ICO has launched a consultation on a new draft code of practice (the Code) aimed at helping organisations put together more 'user friendly' privacy notices. The 17 page Code contains drafting tips and examples of what the ICO would consider good practice and what it would consider bad practice.
Whilst the ICO highlights bad practices and the need to have clearer statements, the Code of Practice helpfully comments that "organisations should not be scared of using personal information in a reasonable way which people would expect" and highlights that where an organisation is "going to use personal information in a way that is controversial or unexpected, or if sensitive or confidential information is involved, organisations should ensure they explain this to people."
The ICO believes that the Code will help organisations comply with "one of he most important but most misunderstood parts of the Act." His consultation on the Code closes on 3rd April 2009.